Urbit / Posts

Upcoming Bug Bounty Program

We are in the process of designing our Bug Bounty Program, and it should be live in several days. In the meantime, if you believe you have discovered a bug or vulnerability in our code, please report it at [email protected]

We'll review the issue, and a member of our dev team will get back to you ASAP. If your bug has merit, we'll work with you to fix it, and award a bounty based on the severity of the bug. We determine severity using the CVSS model.

Once the fix is complete, we'll publish a full retrospective in the interests of transparency. If the bug leaks prior to the retrospective being published, the bounty is void.

We look forward to working with you.